How to enable remote REST API access for VMware Fusion 10

In case you did not hear the good news, VMware Fusion 10 along with its older brother VMware Workstation 14 just GA'ed a few days ago and there are a TON of cool new features (like new Network Simulator) for both product lines. I am personally excited about the Automation capabilities that have been introduced in Fusion which includes a brand new REST API which I wrote about here during the Tech Preview release.

There was a lot of great feedback both from the community as well as myself on the REST API in particular. It looks like Fusion team took the feedback very seriously and have made a number of improvements to the GA release.

The first enhancement is that users will now be required to setup credentials before the REST API endpoint can start. During the Tech Preview, there was no way to setup passwords and anyone could login remotely to the API which was not a good thing from a security standpoint. Below is a screenshot if you try to run the vmrest binary without configuring your credentials.

Secondly, there are a number of configurable options that the vmrest utility now supports such as binding to a specific IP Address or changing the default port. These were not configurable during the Tech Preview and I am glad the Fusion team has added more flexibility to where the REST API endpoint could run.

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

Usage of./vmrest:

-c,--cert-path<cert-path>

REST API Server certificate path

-C,--config

Configure credential

-d,--debug

Enable debug logging

-h,--help

Print usage

-i,--ip<ip>

REST API Server IP binding(default127.0.0.1)

-k,--key-path<key-path>

REST API Server privatekey path

-p,--port<port>

REST API Server port(default8697)

-v,--version

Print version information

Lastly, the REST API now also supports both HTTP and HTTPS where-as before, only HTTP was supported. In addition, if you wish to expose the REST API remotely (e.g. not-running on the loop back address), you will also be required to have the API endpoint running over HTTPS. Overall, these are fantastic changes and thank you to the Fusion team for being security conscious with their first release of the Fusion REST APIs.

After upgrading to Fusion 10 on my home machine, I wanted to enable remote access to the REST API but I could not find any instructions on how to set that up. I figure it should not be that difficult and the help menu mentioned the need for a private key and certificate, so I tried my luck with generating a self-signed openssl-based certificate and that worked!

Here are the instructions on enabling remote access to Fusion REST API:

Step 1 - Generate the private key and SSL Certificate by running the following command:

Step 2 - Setup your Fusion REST API credentials. To do so, first change into the /Applications/VMware Fusion.app/Contents/Public directory. Next, run the following command:

./vmrest -C

Step 3 - Start the Fusion REST API by running the following command and specifying the full path to both the fusionapi-key.pem and fusionapi-cert.pem files as well as the IP Address you wish to serve the REST API endpoint off of:

If the operation was successful, you should see a message like the one below stating the REST API is now listening to the IP Address and port you had provided.

To verify that we can connect to the REST API remotely, lets go ahead and use our favorite REST Client, cURL! You can actually use any client from PowerShell to Postman, but since I am on a macOS system, that is the least amount of effort.

We will need to provide our credentials, using the -u option and then REST API endpoint and we will perform a GET on /vms to list all VMs within our Fusion instance by running the following:

The “-u” curl option encodes and presents the supplied credentials using the most secure authentication method supported by the remote server. Which, in this case, is HTTP Basic auth — it’s not clear to me why you’d want to do that by hand. (except just for fun? 🙂

Primary Sidebar

Search this website

Author

William Lam is a Staff Solutions Architect working in the VMware Cloud on AWS team within the Cloud Platform Business Unit (CPBU) at VMware. He focuses on Automation, Integration and Operation of the VMware Software Defined Datacenter (SDDC).